In-house counsel should review currently effective confidentiality agreements to ensure that customary confidentiality provisions do not prevent an individual from communicating with the SEC about a potential securities law violation.

Review and potentially revise not only specifically titled confidentiality agreements, but also any agreement that may contain confidentiality provisions.

Create a culture of corporate compliance by encouraging employees to come forward with good-faith concerns. Employees should feel incentivized to report concerns first to their employer rather than the government.

Confidentiality agreements are boilerplate in many legal departments, but they shouldn't be. In-house counsel need to review all currently effective confidentiality agreements with anyone who could potentially be a whistleblower to ensure that customary confidentiality provisions do not prevent an individual from communicating with the Securities and Exchange Commission (SEC) about a potential securities law violation.

On April 1, 2015, the SEC announced that it had accepted a $130,000 civil fine settlement offer from KBR, Inc. stemming from a standard confidentiality agreement KBR used when it conducted internal investigations concerning allegations of illegal or unethical conduct by KBR or its employees. This was no April Fool's Day joke.

In the confidentiality agreement, KBR employees agreed that:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement ... with respect to such communications.

Remarkably, no KBR employee was prevented from communicating with the SEC and KBR had not tried to enforce the provision or prevent anyone from speaking with the SEC. In the opinion of the staff, the language within the confidentiality agreement alone was sufficient to violate Rule 21F-17(a).

Sean McKessy, chief of the SEC's Office of the Whistleblower, warned in-house counsel as far back as September 2014 that the SEC was looking into the terms of confidentiality agreements and had in-house lawyers in its sights. According to a Wall Street Journal article published on Sept. 17, 2014, Mr. McKessy, while speaking at an ethics conference in Chicago, warned that:

We are going to bring a case sooner rather than later. If you are an in-house lawyer drafting language saying you can't come to the SEC, it's not just the company that is in peril, you are too.

What Can In-House Counsel Do Proactively?

As a part of a comprehensive approach to compliance, here are some basic best practices in-house counsel may consider:

Review all of the company's currently effective confidentiality agreements for language that could be viewed to chill or discourage disclosure to the SEC and potentially other governmental authorities. Note that KBR agreed with the SEC that it would include language in its future confidentiality agreements informing counter-parties that the agreement did not prohibit them from reporting violations of federal law to "any governmental agency," including the DOJ, Congress and any inspector general.

Expand this review to include confidentiality agreements not only with employees but with anyone who could come into possession of original information about federal securities laws violations. In addition to agreements with employees, agreements with customers, investors, independent contractors, accountants, subcontractors, and joint venture and teaming partners should be reviewed because Rule 21F-17(a) prohibits impeding any "individual" from communicating directly with the SEC.

Revise form confidentiality agreements as necessary. Arguably, KBR went farther than required by Rule 21F-17(a) in its revised confidentiality language, but in-house counsel should ensure that form confidentiality agreements contain express exclusions from the scope of the confidentiality protections to permit anyone to communicate with the SEC. For example, "Nothing in this Agreement prohibits [you] from communicating directly with the U.S. Securities and Exchange Commission, or any member of its staff, about any possible violation of federal securities law or making any disclosure protected under the whistleblower provisions of federal law or regulation. You do not need the approval of counsel for [the company] prior to communicating directly with the SEC or its staff."

Communicate in writing with confidentiality agreement counter-parties as necessary and indicate that, even if your company's agreement lacks express language excepting protected whistleblower communications with the SEC, your company intends for the agreement to include this exception. Moreover, if the counter-party wants to amend the agreement formally to include the exception, indicate that the company would do so. Have a form of confidentiality agreement amendment prepared in advance in case a counter-party would like to amend the agreement.

Review and revise not only specifically titled confidentiality agreements but also any agreement that may contain confidentiality provisions, including employment, severance and settlement agreements; investment and subscription agreements; shareholder agreements; customer contracts; partnership agreements and the like. Also, examine all company policy manuals and training materials to ensure that they inform employees that they may communicate with the SEC in the manner protected by federal law and regulations.

Create a culture of corporate compliance. Encourage employees to come forward with good-faith concerns. Mr. McKessy suggests that employees should feel incentivized to report concerns internally first. This could reduce the likelihood that an individual would attempt to access the rewards available to whistleblowers. He indicates that many people who contact his office said that they tried to talk with the company first but that their concerns were not heard or addressed.

Specifically, ensure that your department has a process to review internal reports of compliance questions and that you have a hot-line or special firm email inbox available to report concerns. Ensure that employees have – in writing – that their confidentiality will be maintained by the company and that they will not suffer any retaliation as a result of making their concerns known.

In-house counsel of non-publicly traded companies should proceed the same way as those of publicly traded companies. The anti-fraud provisions of the federal securities laws apply to private placements. Additionally, pay careful attention to confidentiality agreements with potential investors or acquirers in an M&A transaction. While in-house counsel should focus on these types of agreements, note that other individuals besides investors and suitors may have information tending to show that private placement memoranda or other disclosure could be false or misleading. Therefore, it is important to review other confidentiality agreements as well.

Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem. Moreover, the laws of each jurisdiction are different and are constantly changing. If you have specific questions regarding a particular fact situation, we urge you to consult competent legal counsel.